Payment fraud is a major concern in accounts payable (AP) departments. According to a recent survey, “The State of B2B Payment Security in 2024,” conducted by AvidXchange and the Institute of Finance & Management (IOFM), 76% of AP leaders said their department has experienced payment fraud in the past calendar year.
Though opportunities for payment fraud are prevalent in today’s AP departments and the related financial losses are significant, many organizations do not have adequate measures in place to deter these threats or address the potential ramifications.
Our joint report with IOFM details the current state of B2B payment security and shares best practices for better protecting your organization’s financial assets.
What is B2B Payment Fraud?
B2B payment fraud refers to activities aimed at illicitly obtaining funds or valuable assets during business transactions. This type of fraud can be conducted between external parties or even internal employees. Some common forms of B2B payment fraud are listed below.
Invoice fraud: Fraudsters create or alter invoices to divert payments to their own accounts or fictitious entities. They may impersonate legitimate vendors or create fake invoices for goods or services never rendered.
Business email compromise (BEC): Fraudsters impersonate company executives via e-mail and instruct employees to make urgent wire transfers or payments to fraudulent accounts. AP departments are the more common target of these attacks, according to The Association of Financial Professionals 2022 Payments Fraud & Control Survey.
Vendor fraud: Suppliers may engage in fraudulent activities such as overbilling, double invoicing or billing for goods or services not provided. They may also collude with employees within the buyer organization to perpetrate fraud.
Payment diversion: Fraudsters intercept legitimate payment instructions and modify the payment details to redirect funds to their accounts. This can include check fraud.
Phishing: Fraudsters use deceptive tactics to trick employees into revealing sensitive information such as login credentials, which they use to access company systems and initiate fraudulent payments.
Account takeovers: Hackers gain access to company accounts, such as payment systems, to initiate fraudulent transactions or change payment details. This may involve creating “ghost” employees or vendors in the company’s systems to divert payments.
Insider fraud: Employees may collude with fraudsters or act independently to commit payment fraud, leveraging their knowledge of internal systems and processes.
The Prevalence of B2B Payment Fraud in AP Departments
Unfortunately, it’s hard to find an AP department that hasn’t recently been targeted with payment fraud.
As noted above, our B2B Payment Security survey conducted alongside IOFM found that more than three-quarters of AP leaders reported that their department has experienced one or more instances of payment fraud in the past calendar year, including check fraud, phishing and BEC attacks. And this number may be conservative, considering that some fraud schemes go undetected or unreported due to reputational concerns.
Our survey found that less than one-quarter of AP leaders believe their departments’ current tools and processes are “extremely effective” for mitigating payment fraud. Yet 64% said they believe their organization’s risk of payment fraud is higher now than it was at the start of the pandemic in 2020.
The Financial Ramifications of B2B Payment Fraud
The financial repercussions of B2B payment fraud can be debilitating for a business. The Association of Certified Fraud Examiners says that a typical organization loses 5% of its revenue to fraud, with the average loss totaling more than $1.78 million. But even smaller losses can have a big impact on a business.
Our B2B Payment Security survey found that check fraud is the most popular method of payment fraud for businesses, with 30% of AP leaders reporting that paper checks account for most of their organization’s financial losses. Thirty-one percent of AP departments have suffered financial losses due to check fraud, totaling between $50,000 and $1 million in total.
Behind paper checks, survey respondents cited Automated Clearing House (ACH) payments (21%) and wire transfers (12%) as the biggest source of financial losses from fraud.
Beyond financial losses, payment fraud can lead to additional costs, including legal expenses, brand damage, investigation and recovery costs, regulatory fines and penalties, and loss of supplier trust.
Best Practices to Prevent B2B Payment Fraud
AP departments can adopt measures to keep their organization’s payments more secure, fending off payment fraud and its associated consequences.
Automated verification: These systems check supplier information and bank account details. They’re designed to be more efficient than manual processes for preventing unauthorized payments and protecting vulnerable financial information. However, our survey found that only 43% of AP departments currently use an automated solution for verifying supplier bank accounts.
Cybersecurity systems: Regularly assessing and (if needed) updating your organization’s cybersecurity systems can help safeguard AP departments against payment fraud. Our survey found the following measures are often used by respondents to protect against payment fraud:
• Network security (66%)
• Multifactor authentication (62%)
• Anti-virus software (60%)
• Role-based access (53%)
Anti-spyware software, annual employee security and compliance training, complex password requirements and data encryption are other methods organizations use to prevent cyberattacks.
Artificial intelligence (AI): AI technology can play a powerful role within AP departments, especially when it comes to detecting anomalies that potentially indicate fraud. Systems that utilize machine learning can sense patterns within recurring invoices. When an invoice strays from that pattern, the system can flag it.
For example, if your organization receives monthly invoices from your landscaping service for around $600 each month, but the bill is $2,000 in March, an AI tool can alert your AP team. It might just be that the bill was higher to repair a broken irrigation system. But it might be that a fraudster submitted a fake invoice. Either way, the system will tell your team when further research is warranted.
These AI-powered tools can also help identify duplicate invoices and invoices from new or unverified vendors.
Automation: Automating AP processes can mitigate the risk of payment fraud. Our survey found that 53% of AP departments currently use an automated solution to process and/or pay supplier invoices. Of those who use AP automation, 75% said they believe it has helped prevent payment fraud losses for their organization.
AP automation solutions encourage digital transactions, which are generally more secure than paper-based transactions. Plus, they include security features like role-based access, systematic workflows, supplier verification, data encryption and multi-factor authentication, all of which help reduce fraud risks.
Business continuity plans: Though continuity planning won’t prevent fraud, it can mitigate the impact of a security breach and potential business disruptions. Still, our B2B Payment Security survey determined that only 56% of AP departments have a business continuity plan in place in the event of a cybersecurity breach.
Choosing Partners to Decrease B2B Payment Fraud Risk
If your AP department decides to integrate software or automation tools to help alleviate payment fraud risks, consider the following elements.
Data security | The software you choose should comply with guidelines from organizations such as the Federal Financial Institutions Examination Council and Payment Card Industry Security Standards Council. |
System and Organization Controls | AP systems should be assessed under SOC 1 and SOC 2 compliance standards to safeguard data from unauthorized access, breaches and misuse. |
Licensed money transmitter | Payment systems should hold money transmitter licenses to ensure financial regulations are met when sending funds. |
Fraud operations team | A dedicated fraud team stays on top of fraudsters and their evolving tactics to proactively address new developments and protect your business. |
Vendor risk assessment and management | These systems assist in flagging potentially risky vendors prior to engaging with them. |
Employee training | Regular employee security and compliance training keeps employees of technology providers up-to-date on the latest fraud tactics and preemptive security measures. |
Account compromise monitoring | These tools monitor and analyze user accounts and activities for early fraud detection. |
B2B Payment Fraud: Final Thoughts
The imperative for AP departments to remain vigilant against payment fraud cannot be overstated. It’s paramount to adopt robust preventive measures, such as thorough verification requirements and automated processes while cultivating a culture of awareness among staff.
The consequences of payment fraud extend far beyond financial losses, tarnishing organizational reputation. By prioritizing vigilance and investing in proactive strategies, AP departments can better safeguard their financial integrity and fortify stakeholder trust.